if (preg_match('/^log_size.*_(.*)$/', $key, $matches)) {
setOption($matches[1] . '_log_size', $value);
setOption($matches[1] . '_log_mail', (int) isset($_POST['log_mail_' . $matches[1]]));
}
}
}
/* * * Gallery options ** */
if (isset($_POST['savegalleryoptions'])) {
$_zp_gallery->setAlbumPublish((int) isset($_POST['album_default']));
$_zp_gallery->setImagePublish((int) isset($_POST['image_default']));
setOption('AlbumThumbSelect', sanitize_numeric($_POST['thumbselector']));
$_zp_gallery->setThumbSelectImages((int) isset($_POST['thumb_select_images']));
$_zp_gallery->setSecondLevelThumbs((int) isset($_POST['multilevel_thumb_select_images']));
$_zp_gallery->setTitle(process_language_string_save('gallery_title', 2));
$_zp_gallery->setDesc(process_language_string_save('Gallery_description', EDITOR_SANITIZE_LEVEL));
$_zp_gallery->setWebsiteTitle(process_language_string_save('website_title', 2));
$web = sanitize($_POST['website_url'], 3);
$_zp_gallery->setWebsiteURL($web);
$_zp_gallery->setAlbumUseImagedate((int) isset($_POST['album_use_new_image_date']));
$st = strtolower(sanitize($_POST['gallery_sorttype'], 3));
if ($st == 'custom') {
$st = strtolower(sanitize($_POST['customalbumsort'], 3));
}
$_zp_gallery->setSortType($st);
if ($st == 'manual' || $st == 'random') {
$_zp_gallery->setSortDirection(false);
} else {
$_zp_gallery->setSortDirection(isset($_POST['gallery_sortdirection']));
}
foreach ($_POST as $item => $value) {
if (strpos($item, 'gallery-page_') === 0) {
/**
*
* handles save of user/password
* @param object $object
*/
function processCredentials($object, $suffix = '')
{
$notify = '';
if (isset($_POST['password_enabled' . $suffix]) && $_POST['password_enabled' . $suffix]) {
if (is_object($object)) {
$olduser = $object->getUser();
} else {
$olduser = getOption($object . '_user');
}
$newuser = trim(sanitize($_POST['user' . $suffix], 3));
$pwd = trim(sanitize($_POST['pass' . $suffix]));
if (isset($_POST['disclose_password' . $suffix])) {
$pass2 = $pwd;
} else {
if (isset($_POST['pass_r' . $suffix])) {
$pass2 = trim(sanitize($_POST['pass_r' . $suffix]));
} else {
$pass2 = '';
}
}
$fail = '';
if ($olduser != $newuser) {
if (!empty($newuser) && strlen($_POST['pass' . $suffix]) == 0) {
$fail = '?mismatch=user';
}
}
if (!$fail && $pwd == $pass2) {
if (is_object($object)) {
$object->setUser($newuser);
} else {
setOption($object . '_user', $newuser);
}
if (empty($pwd)) {
if (strlen($_POST['pass' . $suffix]) == 0) {
// clear the password
if (is_object($object)) {
$object->setPassword(NULL);
} else {
setOption($object . '_password', NULL);
}
}
} else {
if (is_object($object)) {
$object->setPassword(Zenphoto_Authority::passwordHash($newuser, $pwd));
} else {
setOption($object . '_password', Zenphoto_Authority::passwordHash($newuser, $pwd));
}
}
} else {
if (empty($fail)) {
$notify = '?mismatch';
} else {
$notify = $fail;
}
}
$hint = process_language_string_save('hint' . $suffix, 3);
if (is_object($object)) {
$object->setPasswordHint($hint);
} else {
setOption($object . '_hint', $hint);
}
}
return $notify;
}
static function extracontent($obj, $instance, $field, $type)
{
if ($type == 'save') {
$extracontent = zpFunctions::updateImageProcessorLink(process_language_string_save("extracontent", EDITOR_SANITIZE_LEVEL));
$obj->setExtracontent($extracontent);
$obj->save();
return NULL;
} else {
ob_start();
print_language_string_list($obj->getExtraContent('all'), 'extracontent', true, NULL, 'extracontent', '100%', 'zenpage_language_string_list', 13);
$item = ob_get_contents();
ob_end_clean();
return $item;
}
}
/**
* Updates a menu item (custom link, custom page only) set via POST
*
*/
function updateMenuItem(&$reports)
{
$menuset = checkChosenMenuset();
$result = array();
$result['id'] = sanitize($_POST['id']);
$result['show'] = getCheckboxState('show');
$result['type'] = sanitize($_POST['type']);
$result['title'] = process_language_string_save("title", 2);
$result['include_li'] = getCheckboxState('include_li');
if (getCheckboxState('span')) {
$result['span_id'] = sanitize($_POST['span_id']);
$result['span_class'] = sanitize($_POST['span_class']);
} else {
$result['span_id'] = '';
$result['span_class'] = '';
}
switch ($result['type']) {
case 'album':
$result['title'] = $result['link'] = sanitize($_POST['albumselect']);
if (empty($result['link'])) {
$reports[] = "<p class = 'errorbox fade-message'>" . gettext("You forgot to select an album.") . " </p>";
return $result;
}
break;
case 'galleryindex':
$result['title'] = process_language_string_save("title", 2);
$result['link'] = NULL;
if (empty($result['title'])) {
$reports[] = "<p class = 'errorbox fade-message'>" . gettext("You forgot to give your menu item a <strong>title</strong>!") . " </p>";
return $result;
}
break;
case 'zenpagepage':
$result['title'] = NULL;
$result['link'] = sanitize($_POST['pageselect']);
if (empty($result['link'])) {
$reports[] = "<p class = 'errorbox fade-message'>" . gettext("You forgot to give your menu item a <strong>link</strong>!") . " </p>";
return $result;
}
break;
case 'zenpagenewsindex':
$result['title'] = process_language_string_save("title", 2);
$result['link'] = NULL;
if (empty($result['title'])) {
$reports[] = "<p class = 'errorbox fade-message'>" . gettext("You forgot to give your menu item a <strong>title</strong>!") . " </p>";
return $result;
}
break;
case 'zenpagecategory':
$result['title'] = NULL;
$result['link'] = sanitize($_POST['categoryselect']);
if (empty($result['link'])) {
$reports[] = "<p class = 'errorbox fade-message'>" . gettext("You forgot to give your menu item a <strong>link</strong>!") . " </p>";
return $result;
}
break;
case 'custompage':
$result['title'] = process_language_string_save("title", 2);
$result['link'] = sanitize($_POST['custompageselect']);
if (empty($result['title'])) {
$reports[] = "<p class = 'errorbox fade-message'>" . gettext("You forgot to give your menu item a <strong>title</strong>!") . " </p>";
return $result;
}
break;
case 'customlink':
$result['title'] = process_language_string_save("title", 2);
if (empty($result['title'])) {
$reports[] = "<p class = 'errorbox fade-message'>" . gettext("You forgot to give your menu item a <strong>title</strong>!") . " </p>";
return $result;
}
$result['link'] = sanitize($_POST['link']);
if (empty($result['link'])) {
$reports[] = "<p class = 'errorbox fade-message'>" . gettext("You forgot to provide a <strong>function</strong>!") . " </p>";
return $result;
}
break;
case 'menulabel':
$result['title'] = process_language_string_save("title", 2);
$result['link'] = NULL;
if (empty($result['title'])) {
$reports[] = "<p class = 'errorbox fade-message'>" . gettext("You forgot to give your menu item a <strong>title</strong>!") . " </p>";
return $result;
}
break;
case 'menufunction':
$result['title'] = process_language_string_save("title", 2);
if (empty($result['title'])) {
$reports[] = "<p class = 'errorbox fade-message'>" . gettext("You forgot to give your menu item a <strong>title</strong>!") . " </p>";
return $result;
}
$result['link'] = sanitize($_POST['link'], 4);
if (empty($result['link'])) {
$reports[] = "<p class = 'errorbox fade-message'>" . gettext("You forgot to provide a <strong>function</strong>!") . " </p>";
return $result;
}
break;
case 'html':
$result['title'] = process_language_string_save("title", 2);
if (empty($result['title'])) {
$reports[] = "<p class = 'errorbox fade-message'>" . gettext("You forgot to give your menu item a <strong>title</strong>!") . " </p>";
return $result;
}
$result['link'] = sanitize($_POST['link'], 4);
if (empty($result['link'])) {
$reports[] = "<p class = 'errorbox fade-message'>" . gettext("You forgot to provide a <strong>function</strong>!") . " </p>";
return $result;
}
break;
default:
$result['link'] = sanitize($_POST['link'], 4);
break;
}
// update the category in the category table
$sql = "UPDATE " . prefix('menu') . " SET title = " . db_quote($result['title']) . ", link = " . db_quote($result['link']) . ", type = " . db_quote($result['type']) . ", `show` = " . db_quote($result['show']) . ", menuset = " . db_quote($menuset) . ", include_li = " . $result['include_li'] . ", span_id = " . db_quote($result['span_id']) . ", span_class = " . db_quote($result['span_class']) . " WHERE `id` = " . $result['id'];
if (query($sql)) {
if (isset($_POST['title']) && empty($result['title'])) {
$reports[] = "<p class = 'errorbox fade-message'>" . gettext("You forgot to give your menu item a <strong>title</strong>!") . " </p>";
} else {
if (isset($_POST['link']) && empty($result['link'])) {
$reports[] = "<p class = 'errorbox fade-message'>" . gettext("You forgot to give your menu item a <strong>link</strong>!") . " </p>";
} else {
$reports[] = "<p class = 'messagebox fade-message'>" . gettext("Menu item updated!") . " </p>";
}
}
}
return $result;
}
/**
* Updates a category
*
*/
function updateCategory(&$reports)
{
$date = date('Y-m-d_H-i-s');
$id = sanitize_numeric($_POST['id']);
$permalink = getcheckboxState('permalink');
$title = process_language_string_save("title", 2);
$desc = process_language_string_save("desc", 0);
$custom = process_language_string_save("custom_data", 1);
$titlelink = $oldtitlelink = sanitize($_POST['titlelink-old'], 3);
if (getcheckboxState('edittitlelink')) {
$titlelink = sanitize($_POST['titlelink'], 3);
if (empty($titlelink)) {
$titlelink = seoFriendly(get_language_string($title));
if (empty($titlelink)) {
$titlelink = seoFriendly($date);
}
}
} else {
if (!$permalink) {
// allow the link to change
$link = seoFriendly(get_language_string($title));
if (!empty($link)) {
$titlelink = $link;
}
}
}
$titleok = true;
if ($titlelink != $oldtitlelink) {
// title link change must be reflected in DB before any other updates
$titleok = query('UPDATE ' . prefix('news_categories') . ' SET `titlelink`=' . db_quote($titlelink) . ' WHERE `id`=' . $id, false);
if (!$titleok) {
$titlelink = $oldtitlelink;
// force old link so data gets saved
}
} else {
$titlelink = $oldtitlelink;
}
//update category
$show = getcheckboxState('show');
$cat = new ZenpageCategory($titlelink);
$notice = processPasswordSave($cat);
$cat->setPermalink(getcheckboxState('permalink'));
$cat->set('title', $title);
$cat->setDesc($desc);
$cat->setCustomData(zp_apply_filter('save_category_custom_data', $custom, $cat));
$cat->setShow($show);
if (getcheckboxState('resethitcounter')) {
$cat->set('hitcounter', 0);
}
$msg = zp_apply_filter('update_category', '', $cat, $oldtitlelink);
$cat->save();
if ($titleok) {
if (empty($titlelink) or empty($title)) {
$reports[] = "<p class='errorbox fade-message'>" . gettext("You forgot to give your category a <strong>title or titlelink</strong>!") . "</p>";
} else {
if ($notice == 'user') {
$reports[] = "<p class='errorbox fade-message'>" . gettext('You must supply a password for the Protected Category user') . '</p>';
} else {
if ($notice == 'pass') {
$reports[] = "<p class='errorbox fade-message'>" . gettext('Your passwords were empty or did not match') . '</p>';
} else {
$reports[] = "<p class='messagebox fade-message'>" . gettext("Category updated!") . "</p>";
}
}
}
} else {
$reports[] = "<p class='errorbox fade-message'>" . sprintf(gettext("A category with the title/titlelink <em>%s</em> already exists!"), html_encode($cat->getTitle())) . "</p>";
}
if ($msg) {
$reports[] = $msg;
}
return $cat;
}
/**
* Updates or adds a category
*
* @param array $reports the results display
* @param bool $newcategory true if a new article
*
*/
function updateCategory(&$reports, $newcategory = false)
{
$date = date('Y-m-d_H-i-s');
$id = sanitize_numeric($_POST['id']);
$permalink = getcheckboxState('permalink');
$title = process_language_string_save("title", 2);
$desc = process_language_string_save("desc", EDITOR_SANITIZE_LEVEL);
$custom = process_language_string_save("custom_data", 1);
if ($newcategory) {
$titlelink = seoFriendly(get_language_string($title));
if (empty($titlelink)) {
$titlelink = seoFriendly($date);
}
$sql = 'SELECT `id` FROM ' . prefix('news_categories') . ' WHERE `titlelink`=' . db_quote($titlelink);
$rslt = query_single_row($sql, false);
if ($rslt) {
//already exists
$time = explode(' ', microtime());
$titlelink = $titlelink . '_' . ($time[1] + $time[0]);
$reports[] = "<p class='warningbox fade-message'>" . gettext('Duplicate category title') . '</p>';
}
$oldtitlelink = $titlelink;
} else {
$titlelink = $oldtitlelink = sanitize($_POST['titlelink-old'], 3);
if (getcheckboxState('edittitlelink')) {
$titlelink = sanitize($_POST['titlelink'], 3);
if (empty($titlelink)) {
$titlelink = seoFriendly(get_language_string($title));
if (empty($titlelink)) {
$titlelink = seoFriendly($date);
}
}
} else {
if (!$permalink) {
// allow the link to change
$link = seoFriendly(get_language_string($title));
if (!empty($link)) {
$titlelink = $link;
}
}
}
}
$titleok = true;
if ($titlelink != $oldtitlelink) {
// title link change must be reflected in DB before any other updates
$titleok = query('UPDATE ' . prefix('news_categories') . ' SET `titlelink`=' . db_quote($titlelink) . ' WHERE `id`=' . $id, false);
if (!$titleok) {
$titlelink = $oldtitlelink;
// force old link so data gets saved
} else {
SearchEngine::clearSearchCache();
}
}
//update category
$show = getcheckboxState('show');
$cat = new ZenpageCategory($titlelink, true);
$notice = processCredentials($cat);
$cat->setPermalink(getcheckboxState('permalink'));
$cat->set('title', $title);
$cat->setDesc($desc);
$cat->setCustomData(zp_apply_filter('save_category_custom_data', $custom, $cat));
$cat->setShow($show);
if (getcheckboxState('resethitcounter')) {
$cat->set('hitcounter', 0);
}
if (getcheckboxState('reset_rating')) {
$cat->set('total_value', 0);
$cat->set('total_votes', 0);
$cat->set('used_ips', 0);
}
if ($newcategory) {
$msg = zp_apply_filter('new_category', '', $cat);
if (empty($title)) {
$reports[] = "<p class='errorbox fade-message'>" . sprintf(gettext("Category <em>%s</em> added but you need to give it a <strong>title</strong> before publishing!"), $titlelink) . '</p>';
} else {
if ($notice == '?mismatch=user') {
$reports[] = "<p class='errorbox fade-message'>" . gettext('You must supply a password for the Protected Category user') . '</p>';
} else {
if ($notice) {
$reports[] = "<p class='errorbox fade-message'>" . gettext('Your passwords were empty or did not match') . '</p>';
} else {
$reports[] = "<p class='messagebox fade-message'>" . sprintf(gettext("Category <em>%s</em> added"), $titlelink) . '</p>';
}
}
}
} else {
$msg = zp_apply_filter('update_category', '', $cat, $oldtitlelink);
if ($titleok) {
if (empty($titlelink) or empty($title)) {
$reports[] = "<p class='errorbox fade-message'>" . gettext("You forgot to give your category a <strong>title or titlelink</strong>!") . "</p>";
} else {
if ($notice == '?mismatch=user') {
$reports[] = "<p class='errorbox fade-message'>" . gettext('You must supply a password for the Protected Category user') . '</p>';
} else {
if ($notice) {
$reports[] = "<p class='errorbox fade-message'>" . gettext('Your passwords were empty or did not match') . '</p>';
} else {
$reports[] = "<p class='messagebox fade-message'>" . gettext("Category updated!") . "</p>";
}
}
}
} else {
$reports[] = "<p class='errorbox fade-message'>" . sprintf(gettext("A category with the title/titlelink <em>%s</em> already exists!"), html_encode($cat->getTitle())) . "</p>";
}
}
$cat->save();
if ($msg) {
$reports[] = $msg;
}
return $cat;
}
/**
* Updates a menu item (custom link, custom page only) set via POST
*
*/
function updateMenuItem(&$reports)
{
$menuset = checkChosenMenuset();
$result['id'] = sanitize($_POST['id']);
$result['show'] = getCheckboxState('show');
$result['type'] = sanitize($_POST['type']);
$result['title'] = process_language_string_save("title", 2);
$result['include_li'] = getCheckboxState('include_li');
if (isset($_POST['link'])) {
$result['link'] = sanitize($_POST['link'], 0);
} else {
$result['link'] = '';
}
if (getCheckboxState('span')) {
$result['span_id'] = sanitize($_POST['span_id']);
$result['span_class'] = sanitize($_POST['span_class']);
} else {
$result['span_id'] = '';
$result['span_class'] = '';
}
// update the category in the category table
$sql = "UPDATE " . prefix('menu') . " SET title = " . db_quote($result['title']) . ",link=" . db_quote($result['link']) . ",type=" . db_quote($result['type']) . ", `show`=" . db_quote($result['show']) . ",menuset=" . db_quote($menuset) . ",include_li=" . $result['include_li'] . ",span_id=" . db_quote($result['span_id']) . ",span_class=" . db_quote($result['span_class']) . " WHERE `id`=" . $result['id'];
if (query($sql)) {
if (isset($_POST['title']) && empty($result['title'])) {
$reports[] = "<p class='errorbox fade-message'>" . gettext("You forgot to give your menu item a <strong>title</strong>!") . "</p>";
} else {
if (isset($_POST['link']) && empty($result['link'])) {
$reports[] = "<p class='errorbox fade-message'>" . gettext("You forgot to give your menu item a <strong>link</strong>!") . "</p>";
} else {
$reports[] = "<p class='messagebox fade-message'>" . gettext("Menu item updated!") . "</p>";
}
}
}
return $result;
}
$wmuse = $wmuse | WATERMARK_THUMB;
}
if (isset($_POST['wm_full-' . $i])) {
$wmuse = $wmuse | WATERMARK_FULL;
}
$image->setWMUse($wmuse);
$codeblock1 = sanitize($_POST['codeblock1-' . $i], 0);
$codeblock2 = sanitize($_POST['codeblock2-' . $i], 0);
$codeblock3 = sanitize($_POST['codeblock3-' . $i], 0);
$codeblock = serialize(array("1" => $codeblock1, "2" => $codeblock2, "3" => $codeblock3));
$image->setCodeblock($codeblock);
if (isset($_POST[$i . '-owner'])) {
$image->setOwner(sanitize($_POST[$i . '-owner']));
}
$image->set('filesize', filesize($image->localpath));
$custom = process_language_string_save("{$i}-custom_data", 1);
$image->setCustomData(zp_apply_filter('save_image_custom_data', $custom, $i));
zp_apply_filter('save_image_utilities_data', $image, $i);
$image->save();
// Process move/copy/rename
if ($movecopyrename_action == 'move') {
$dest = trim(sanitize_path($_POST[$i . '-albumselect'], 3));
if ($dest && $dest != $folder) {
if ($e = $image->moveImage($dest)) {
$notify = "&mcrerr=" . $e;
}
} else {
// Cannot move image to same album.
$notify = "&mcrerr=2";
}
} else {
/*** Plugin Options ***/
if (isset($_POST['savepluginoptions'])) {
// all plugin options are handled by the custom option code.
$returntab = "&tab=plugin";
}
/*** custom options ***/
if (!$themeswitch) {
// was really a save.
foreach ($_POST as $postkey => $value) {
if (preg_match('/^' . CUSTOM_OPTION_PREFIX . '/', $postkey)) {
// custom option!
$key = substr($postkey, strpos($postkey, '-') + 1);
$switch = substr($postkey, strlen(CUSTOM_OPTION_PREFIX), -strlen($key) - 1);
switch ($switch) {
case 'text':
$value = process_language_string_save($key, 1);
break;
case 'chkbox':
if (isset($_POST[$key])) {
$value = 1;
} else {
$value = 0;
}
break;
default:
if (isset($_POST[$key])) {
$value = sanitize($_POST[$key], 1);
} else {
$value = '';
}
break;
$key = postIndexDecode($key);
if (substr($key, 0, $l) == $tagsprefix) {
if ($value) {
$tags[] = substr($key, $l);
}
}
}
$tags = array_unique($tags);
$image->setTags(sanitize($tags, 3));
$image->setDateTime(strip($_POST["{$i}-date"]));
$image->setShow(isset($_POST["{$i}-Visible"]));
$image->setCommentsAllowed(strip($_POST["{$i}-allowcomments"]));
if (isset($_POST["{$i}-reset_hitcounter"])) {
$image->set('hitcounter', 0);
}
$image->setCustomData(process_language_string_save("{$i}-custom_data", 1));
$image->save();
// Process move/copy/rename
if ($movecopyrename_action == 'move') {
$dest = sanitize_path($_POST[$i . '-albumselect'], 3);
if ($dest && $dest != $folder) {
if (!$image->moveImage($dest)) {
$notify = "&mcrerr=1";
}
} else {
// Cannot move image to same album.
}
} else {
if ($movecopyrename_action == 'copy') {
$dest = sanitize_path($_POST[$i . '-albumselect'], 2);
if ($dest && $dest != $folder) {
} else {
$movecopyrename_action = '';
}
if ($movecopyrename_action == 'delete') {
unset($single);
$image->remove();
} else {
if (isset($_POST[$i . '-reset_rating'])) {
$image->set('total_value', 0);
$image->set('total_votes', 0);
$image->set('used_ips', 0);
}
$pubdate = $image->setPublishDate(sanitize($_POST['publishdate-' . $i]));
$image->setExpireDate(sanitize($_POST['expirationdate-' . $i]));
$image->setTitle(process_language_string_save("{$i}-title", 2));
$image->setDesc(process_language_string_save("{$i}-desc", EDITOR_SANITIZE_LEVEL));
if (isset($_POST[$i . '-oldrotation']) && isset($_POST[$i . '-rotation'])) {
$oldrotation = (int) $_POST[$i . '-oldrotation'];
$rotation = (int) $_POST[$i . '-rotation'];
if ($rotation != $oldrotation) {
$image->set('rotation', $rotation);
$image->updateDimensions();
$album = $image->getAlbum();
Gallery::clearCache($album->name);
}
}
$image->setCommentsAllowed(isset($_POST["{$i}-allowcomments"]));
if (isset($_POST["reset_hitcounter{$i}"])) {
$image->set('hitcounter', 0);
}
$image->set('filesize', filesize($image->localpath));
/**
* processes the post from the above
* @param int $index the index of the entry in mass edit or 0 if single album
* @param object $album the album object
* @param string $redirectto used to redirect page refresh on move/copy/rename
*@return string error flag if passwords don't match
*@since 1.1.3
*/
function processAlbumEdit($index, $album, &$redirectto)
{
global $gallery;
$redirectto = NULL;
// no redirection required
if ($index == 0) {
$prefix = '';
} else {
$prefix = "{$index}-";
}
$tagsprefix = 'tags_' . $prefix;
$notify = '';
$album->setTitle(process_language_string_save($prefix . 'albumtitle', 2));
$album->setDesc(process_language_string_save($prefix . 'albumdesc', 0));
$tags = array();
$l = strlen($tagsprefix);
foreach ($_POST as $key => $value) {
$key = postIndexDecode($key);
if (substr($key, 0, $l) == $tagsprefix) {
if ($value) {
$tags[] = substr($key, $l);
}
}
}
$tags = array_unique($tags);
$album->setTags($tags);
$album->setDateTime(sanitize($_POST[$prefix . "albumdate"]));
$album->setLocation(process_language_string_save($prefix . 'albumlocation', 3));
if (isset($_POST[$prefix . 'thumb'])) {
$album->setAlbumThumb(sanitize($_POST[$prefix . 'thumb']));
}
$album->setShow(isset($_POST[$prefix . 'Published']));
$album->setCommentsAllowed(isset($_POST[$prefix . 'allowcomments']));
$sorttype = strtolower(sanitize($_POST[$prefix . 'sortby'], 3));
if ($sorttype == 'custom') {
$sorttype = unquote(strtolower(sanitize($_POST[$prefix . 'customimagesort'], 3)));
}
$album->setSortType($sorttype);
if ($sorttype == 'manual' || $sorttype == 'random') {
$album->setSortDirection('image', 0);
} else {
if (empty($sorttype)) {
$direction = 0;
} else {
$direction = isset($_POST[$prefix . 'image_sortdirection']);
}
$album->setSortDirection('image', $direction);
}
$sorttype = strtolower(sanitize($_POST[$prefix . 'subalbumsortby'], 3));
if ($sorttype == 'custom') {
$sorttype = strtolower(sanitize($_POST[$prefix . 'customalbumsort'], 3));
}
$album->setSubalbumSortType($sorttype);
if ($sorttype == 'manual' || $sorttype == 'random') {
$album->setSortDirection('album', 0);
} else {
$album->setSortDirection('album', isset($_POST[$prefix . 'album_sortdirection']));
}
if (isset($_POST[$prefix . 'reset_hitcounter'])) {
$album->set('hitcounter', 0);
}
if (isset($_POST[$prefix . 'reset_rating'])) {
$album->set('total_value', 0);
$album->set('total_votes', 0);
$album->set('used_ips', 0);
}
$fail = '';
if (sanitize($_POST[$prefix . 'password_enabled'])) {
$olduser = $album->getUser();
$newuser = sanitize($_POST[$prefix . 'albumuser']);
$pwd = trim(sanitize($_POST[$prefix . 'albumpass']));
if ($olduser != $newuser) {
if (!empty($newuser) && empty($pwd) && empty($pwd2)) {
$fail = '&mismatch=user';
}
}
if (!$fail && $_POST[$prefix . 'albumpass'] == $_POST[$prefix . 'albumpass_2']) {
$album->setUser($newuser);
if (empty($pwd)) {
if (empty($_POST[$prefix . 'albumpass'])) {
$album->setPassword(NULL);
// clear the album password
}
} else {
$album->setPassword($pwd);
}
} else {
if (empty($fail)) {
$notify = '&mismatch=album';
} else {
$notify = $fail;
}
}
}
$oldtheme = $album->getAlbumTheme();
if (isset($_POST[$prefix . 'album_theme'])) {
$newtheme = sanitize($_POST[$prefix . 'album_theme']);
if ($oldtheme != $newtheme) {
$album->setAlbumTheme($newtheme);
}
}
$album->setPasswordHint(process_language_string_save($prefix . 'albumpass_hint', 3));
if (isset($_POST[$prefix . 'album_watermark'])) {
$album->setWatermark(sanitize($_POST[$prefix . 'album_watermark'], 3));
$album->setWatermarkThumb(sanitize($_POST[$prefix . 'album_watermark_thumb'], 3));
}
$codeblock1 = sanitize($_POST[$prefix . 'codeblock1'], 0);
$codeblock2 = sanitize($_POST[$prefix . 'codeblock2'], 0);
$codeblock3 = sanitize($_POST[$prefix . 'codeblock3'], 0);
$codeblock = serialize(array("1" => $codeblock1, "2" => $codeblock2, "3" => $codeblock3));
$album->setCodeblock($codeblock);
if (isset($_POST[$prefix . '-owner'])) {
$album->setOwner(sanitize($_POST[$prefix . '-owner']));
}
$custom = process_language_string_save($prefix . 'album_custom_data', 1);
$album->setCustomData(zp_apply_filter('save_album_custom_data', $custom, $prefix));
zp_apply_filter('save_album_utilities_data', $album, $prefix);
$album->save();
// Move/Copy/Rename the album after saving.
$movecopyrename_action = '';
if (isset($_POST['a-' . $prefix . 'MoveCopyRename'])) {
$movecopyrename_action = sanitize($_POST['a-' . $prefix . 'MoveCopyRename'], 3);
}
if ($movecopyrename_action == 'delete') {
$dest = dirname($album->name);
if ($album->remove()) {
if ($dest == '/' || $dest == '.') {
$dest = '';
}
$redirectto = $dest;
} else {
$notify = "&mcrerr=7";
}
}
if ($movecopyrename_action == 'move') {
$dest = trim(sanitize_path($_POST['a' . $prefix . '-albumselect'], 3));
// Append the album name.
$dest = ($dest ? $dest . '/' : '') . (strpos($album->name, '/') === FALSE ? $album->name : basename($album->name));
if ($dest && $dest != $album->name) {
if ($album->isDynamic()) {
// be sure there is a .alb suffix
if (substr($dest, -4) != '.alb') {
$dest .= '.alb';
}
}
if ($e = $album->moveAlbum($dest)) {
$notify = "&mcrerr=" . $e;
} else {
$redirectto = $dest;
}
} else {
// Cannot move album to same album.
$notify = "&mcrerr=3";
}
} else {
if ($movecopyrename_action == 'copy') {
$dest = trim(sanitize_path($_POST['a' . $prefix . '-albumselect']));
if ($dest && $dest != $album->name) {
if ($e = $album->copy($dest)) {
$notify = "&mcrerr=" . $e;
}
} else {
// Cannot copy album to existing album.
// Or, copy with rename?
$notify = '&mcrerr=3';
}
} else {
if ($movecopyrename_action == 'rename') {
$renameto = trim(sanitize_path($_POST['a' . $prefix . '-renameto'], 3));
$renameto = str_replace(array('/', '\\'), '', $renameto);
if (dirname($album->name) != '.') {
$renameto = dirname($album->name) . '/' . $renameto;
}
if ($renameto != $album->name) {
if ($album->isDynamic()) {
// be sure there is a .alb suffix
if (substr($renameto, -4) != '.alb') {
$renameto .= '.alb';
}
}
if ($e = $album->rename($renameto)) {
$notify = "&mcrerr=" . $e;
} else {
$redirectto = $renameto;
}
} else {
$notify = "&mcrerr=3";
}
}
}
}
return $notify;
}
/**
* processes the post from the above
*@param int param1 the index of the entry in mass edit or 0 if single album
*@param object param2 the album object
*@return string error flag if passwords don't match
*@since 1.1.3
*/
function processAlbumEdit($index, $album)
{
if ($index == 0) {
$prefix = '';
} else {
$prefix = "{$index}-";
}
$tagsprefix = 'tags_' . $prefix;
$notify = '';
$album->setTitle(process_language_string_save($prefix . 'albumtitle', 2));
$album->setDesc(process_language_string_save($prefix . 'albumdesc', 1));
$tags = array();
for ($i = 0; $i < 4; $i++) {
if (isset($_POST[$tagsprefix . 'new_tag_value_' . $i])) {
$tag = trim(strip($_POST[$tagsprefix . 'new_tag_value_' . $i]));
unset($_POST[$tagsprefix . 'new_tag_value_' . $i]);
if (!empty($tag)) {
$tags[] = $tag;
}
}
}
$l = strlen($tagsprefix);
foreach ($_POST as $key => $value) {
$key = postIndexDecode($key);
if (substr($key, 0, $l) == $tagsprefix) {
if ($value) {
$tags[] = substr($key, $l);
}
}
}
$tags = array_unique($tags);
$album->setTags($tags);
$album->setDateTime(strip($_POST[$prefix . "albumdate"]));
$album->setPlace(process_language_string_save($prefix . 'albumplace', 3));
if (isset($_POST[$prefix . 'thumb'])) {
$album->setAlbumThumb(strip($_POST[$prefix . 'thumb']));
}
$album->setShow(isset($_POST[$prefix . 'Published']));
$album->setCommentsAllowed(isset($_POST[$prefix . 'allowcomments']));
$sorttype = strtolower(sanitize($_POST[$prefix . 'sortby'], 3));
if ($sorttype == 'custom') {
$sorttype = strtolower(sanitize($_POST[$prefix . 'customimagesort'], 3));
}
$album->setSortType($sorttype);
if ($sorttype == 'manual') {
$album->setSortDirection('image', 0);
} else {
if (empty($sorttype)) {
$direction = 0;
} else {
$direction = isset($_POST[$prefix . 'image_sortdirection']);
}
$album->setSortDirection('image', $direction);
}
$sorttype = strtolower(sanitize($_POST[$prefix . 'subalbumsortby'], 3));
if ($sorttype == 'custom') {
$sorttype = strtolower(sanitize($_POST[$prefix . 'customalbumsort'], 3));
}
$album->setSubalbumSortType($sorttype);
if ($sorttype == 'manual') {
$album->setSortDirection('album', 0);
} else {
$album->setSortDirection('album', isset($_POST[$prefix . 'album_sortdirection']));
}
if (isset($_POST[$prefix . 'reset_hitcounter'])) {
$album->set('hitcounter', 0);
}
if (isset($_POST[$prefix . 'reset_rating'])) {
$album->set('total_value', 0);
$album->set('total_votes', 0);
$album->set('used_ips', 0);
}
$olduser = $album->getUser();
$newuser = $_POST[$prefix . 'albumuser'];
$pwd = trim($_POST[$prefix . 'albumpass']);
$fail = '';
if ($olduser != $newuser) {
if ($pwd != $_POST[$prefix . 'albumpass_2']) {
$pwd2 = trim($_POST[$prefix . 'albumpass_2']);
$_POST[$prefix . 'albumpass'] = $pwd;
// invalidate password, user changed without password beign set
if (!empty($newuser) && empty($pwd) && empty($pwd2)) {
$fail = '&mismatch=user';
}
}
}
if ($_POST[$prefix . 'albumpass'] == $_POST[$prefix . 'albumpass_2']) {
$album->setUser($newuser);
if (empty($pwd)) {
if (empty($_POST[$prefix . 'albumpass'])) {
$album->setPassword(NULL);
// clear the gallery password
}
} else {
$album->setPassword($pwd);
}
} else {
if (empty($fail)) {
$notify = '&mismatch=album';
} else {
$notify = $fail;
}
}
$oldtheme = $album->getAlbumTheme();
if (isset($_POST[$prefix . 'album_theme'])) {
$newtheme = strip($_POST[$prefix . 'album_theme']);
if ($oldtheme != $newtheme) {
$album->setAlbumTheme($newtheme);
}
}
$album->setPasswordHint(process_language_string_save($prefix . 'albumpass_hint', 3));
$album->setCustomData(process_language_string_save($prefix . 'album_custom_data', 1));
$album->save();
// Move/Copy/Rename the album after saving.
$movecopyrename_action = '';
if (isset($_POST['a-' . $prefix . 'MoveCopyRename'])) {
$movecopyrename_action = sanitize($_POST['a-' . $prefix . 'MoveCopyRename'], 3);
}
if ($movecopyrename_action == 'move') {
$dest = UTF8ToFileSystem(sanitize_path($_POST['a' . $prefix . '-albumselect'], 3));
// Append the album name.
$dest = ($dest ? $dest . '/' : '') . (strpos($album->name, '/') === FALSE ? $album->name : basename($album->name));
if ($dest && $dest != $album->name) {
if ($returnalbum = $album->moveAlbum($dest)) {
// A slight hack to redirect to the new album after moving.
$_GET['album'] = $returnalbum;
} else {
$notify .= "&mcrerr=1";
}
} else {
// Cannot move album to same album.
}
} else {
if ($movecopyrename_action == 'copy') {
$dest = UTF8ToFileSystem(sanitize_path($_POST['a' . $prefix . '-albumselect'], 3));
// Append the album name.
$dest = ($dest ? $dest . '/' : '') . (strpos($album->name, '/') === FALSE ? $album->name : basename($album->name));
if ($dest && $dest != $album->name) {
if (!$album->copyAlbum($dest)) {
$notify .= "&mcrerr=1";
}
} else {
// Cannot copy album to existing album.
// Or, copy with rename?
}
} else {
if ($movecopyrename_action == 'rename') {
$renameto = UTF8ToFileSystem(sanitize_path($_POST['a' . $prefix . '-renameto'], 3));
$renameto = str_replace(array('/', '\\'), '', $renameto);
if (dirname($album->name) != '.') {
$renameto = dirname($album->name) . '/' . $renameto;
}
if ($renameto != $album->name) {
if ($returnalbum = $album->renameAlbum($renameto)) {
// A slight hack to redirect to the new album after moving.
$_GET['album'] = $returnalbum;
} else {
$notify .= "&mcrerr=1";
}
}
}
}
}
return $notify;
}
static function custom_data($custom, $i, $obj = NULL)
{
if (is_object($i)) {
$obj = $i;
$i = NULL;
} else {
$i = $i . '-';
}
$custom = process_language_string_save($i . "custom_data", 1);
$obj->setCustomData($custom);
return $custom;
}
/**
* The generic field element save handler
* @param type $obj
* @param type $instance
* @param type $fields
*/
protected static function _saveHandler($obj, $instance, $field)
{
if (array_key_exists('edit', $field)) {
$action = $field['edit'];
if (is_null($action)) {
return NULL;
}
} else {
$action = 'default';
}
switch ($action) {
case 'multilingual':
$newdata = process_language_string_save($instance . '-' . $field['name']);
break;
case 'function':
$newdata = call_user_func($field['function'], $obj, $instance, $field, 'save');
break;
default:
if (!is_null($instance)) {
$instance = '_' . $instance;
}
if (isset($_POST[$field['name'] . $instance])) {
$newdata = sanitize($_POST[$field['name'] . $instance]);
} else {
$newdata = NULL;
}
}
return $newdata;
}
if (empty($pwd)) {
if (empty($_POST['imagepass'])) {
setOption('protected_image_password', NULL);
// clear the protected image password
}
} else {
setOption('protected_image_password', $_zp_authority->passwordHash($newuser, $pwd));
}
} else {
if (empty($notify)) {
$notify = '?mismatch=image';
} else {
$notify = $fail;
}
}
setOption('protected_image_hint', process_language_string_save('protected_image_hint', 3));
}
setOption('hotlink_protection', (int) isset($_POST['hotlink_protection']));
setOption('use_lock_image', (int) isset($_POST['use_lock_image']));
$st = sanitize($_POST['image_sorttype'], 3);
if ($st == 'custom') {
$st = unQuote(strtolower(sanitize($_POST['customimagesort'], 3)));
}
setOption('image_sorttype', $st);
setOption('image_sortdirection', (int) isset($_POST['image_sortdirection']));
setOption('auto_rotate', (int) isset($_POST['auto_rotate']));
setOption('IPTC_encoding', sanitize($_POST['IPTC_encoding']));
foreach ($_zp_exifvars as $key => $item) {
setOption($key, (int) array_key_exists($key, $_POST));
}
$returntab = "&tab=image";
